I have an ASP.NET web application using .NET Framework 4.5. I am supposed to work on security for this application. The document requires anonymous authentication for public users who don't need to log in, but still have access to resources (read-only access and able to download PDF files). In the details page, the users need to enter their email addresses and their company name before they download a file. Meanwhile, Administrators are able to modify files that public users are allowed to view and download.
Also, I have an Admin folder in this application that contains all pages that an AD Admin group accesses.
Can I use authentication/authorization as follows in my root web.config file to work with both public users and Admin with AD Admin group:
...
<system.web>
<authentication mode="Windows" />
<authorization>
<allow users="*"/>
</authorization>
</system.web>
...
<location path="Admin">
<system.web>
<authorization>
<allow roles="ADAdminGroup"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
My concern is if the public users access this application using Macintosh, mobile or Android devices, will it still work with this setup in the root web.config file? Is it the right way to set up the web.config file?
Please help!
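Added example, not part of the original post: a small Python model of how ASP.NET URL authorization evaluates the two rule sets above, so the outcome for anonymous, ordinary and admin-group requests can be checked. It assumes first-match-wins evaluation with the `<location>` rules read before the root rules; the function names, sample users and the first-path-segment matching are constructed for illustration, and `verbs` attributes are ignored.

```python
import xml.etree.ElementTree as ET

# The configuration from the question, wrapped in a <configuration> root.
WEB_CONFIG = """
<configuration>
  <system.web>
    <authentication mode="Windows" />
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="ADAdminGroup"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>
"""

def rules_for(root, url_path):
    """Collect rules most-specific first: matching <location> blocks, then the root."""
    rules = []
    first_segment = url_path.strip("/").split("/")[0].lower()
    for loc in root.findall("location"):
        if loc.get("path", "").lower() == first_segment:
            rules += list(loc.find("system.web/authorization"))
    rules += list(root.find("system.web/authorization"))
    return rules

def matches(rule, user, roles):
    users = [u.strip() for u in rule.get("users", "").split(",") if u.strip()]
    rule_roles = [r.strip().lower() for r in rule.get("roles", "").split(",") if r.strip()]
    if "*" in users or ("?" in users and user is None):
        return True
    if user is not None and user.lower() in (u.lower() for u in users):
        return True
    return any(r.lower() in rule_roles for r in roles)

def decide(url_path, user=None, roles=()):
    """Return 'allow' or 'deny' for a request; user=None means anonymous."""
    root = ET.fromstring(WEB_CONFIG)
    for rule in rules_for(root, url_path):
        if matches(rule, user, roles):
            return rule.tag  # first matching rule wins
    return "allow"  # machine-level default is <allow users="*"/>
```

Swapping the order of the two rules inside the `Admin` block makes `deny users="*"` match first, which locks out the admin group as well.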